hash

You probably remember that for DEFCON I built a hat that was turned into a game. In addition to scrolling messages on an LED marquee there was a WiFi router hidden inside the hat. Get on the AP, load any webpage, and you would be confronted with a scoreboard, as well as a list of usernames and their accompanying password hashes. Crack a hash and you can put yourself on the scoreboard as well as push custom messages to the hat itself.

Choosing the complexity of these password hashes was quite a challenge. How do you make them hackable without being so simple that they would be immediately cracked? I suppose I did okay with this because one hacker (who prefers not to be named) caught me literally on my way out of the conference for the last time. He had snagged the hashes earlier in the weekend and worked feverishly to crack the code. More details on the process are available after the jump.

We don’t want to call it a challenge because we fear the regulars at DEFCON can turn our piece of hardware into a smoking pile of slag, but we are planning to bring a bit of fun along with us. I’ll be wearing this classy headgear and I invite you to hack your way into the WiFi enabled Hackaday Hat.

I’ll be wearing the hat-of-many-scrolling-colors around all weekend for DEFCON 22, August 7-10th in Las Vegas. You may also find [Brian Benchoff] sporting the accessory at times. Either way, come up and say hello. We want to see any hardware you have to show us, and we’ll shower you with a bit of swag.

Don’t let it end there. Whip out your favorite pen-testing distro and hack into the hat’s access point. From there the router will serve up more information on how to hack into one of the shell accounts. Own an account and you can leave your alias for the scoreboard as well as push your own custom message to the hat’s 32×7 RGB LED marquee.

If you’ve got a BeagleBone and an FPGA board you should give this Bitcoin mining rig a try. The hardware uses brute-force to solve hashes, looking for the rare sets that can be used as digital currency. This particular example is designed for the LOGi-bone which is an FPGA shield for the BeagleBone. But we don’t see anything that would make this difficult to use with other FPGA hardware.

We’ve seen FPGA hardware bitcoin mining in the past. It doesn’t offer as much horsepower as an array of GPUs would, but the ARM/FPGA combo can be used in a cluster in order to speed up the process. This sounds like a fun group project to take on at the local Hackerspace.

It’s our understanding that the video game industry has long been a driving force in new and better graphics processing hardware. But they’re not the only benefactors to these advances. As we’ve heard before, a graphics processing unit is uniquely qualified to process encryption hashes quickly (we’ve seen this with bitcoin mining). This project strings together 25 GPU cards in 5 servers to form a super fast brute force attack. It’s so fast that the actual specs are beyond our comprehension. How can one understand 348 billion hashes per second?

The testing was used on a collection of password hashes using LM and NTLM protocols. The NTLM is a bit stronger and fared better than the LM, but that’s not actually saying much. An eight character NTLM password will fall in 5.5 hours, while a 14 character LM hash makes it only about six minutes before the solution is discovered. Of course this type of hardware is only good if you have a copy of the password hashes themselves. Login protocols will lock out after a certain number of attempts and have measures in place to slow down automated systems like this one.

The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool which uses the CPU for its calculations against ighashgpu which uses ATI or Nvidia graphics cards to do the deed. Hands down ighashgpu is the fastest; with Cain taking about one year to crack an eight character password while ighashgpu can do it in under nineteen hours.

Irongeek.com is hosting an online class on password exploitation. The event was a fundraiser called ShoeCon, but they are hosting the entire series for everyone to share. Not only are the videos there, but you can download the powerpoint slides as well. There is a massive amount of information here on various topics like Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win. There’s so much info, they split it into 3 sections. The videos are fairly long, between 1 and 2.5 hours each. What might surprise people is the amount of time that google is actually one of the main tools.

These videos can be a fantastic resource for hobby hackers, IT admins, and security professionals.